LinuxQuestions.org
Old 02-01-2007, 06:09 AM   #1
Nyx
LQ Newbie
 
Registered: Feb 2007
Posts: 3

Rep: Reputation: 0
A question concerning the 'dd'-command


Hello,

would the simple use of

dd if=/dev/zero of=/dev/hdX

get rid of a bootvirus? I'd think that it is sufficient, yet am not completely sure about it.


Regards,

Nyx
 
Old 02-01-2007, 06:14 AM   #2
syg00
LQ Veteran
 
Registered: Aug 2003
Location: Australia
Distribution: Lots ...
Posts: 12,267

Rep: Reputation: 1028
Yep.
But will take a while on a reasonable sized disk. As in several hours. Try
Code:
dd if=/dev/zero of=/dev/hdX bs=1 count=446
to save some time, and have the same effect.
 
Old 02-01-2007, 06:21 AM   #3
saikee
Senior Member
 
Registered: Sep 2005
Location: Newcastle upon Tyne UK
Distribution: Any free distro.
Posts: 3,398
Blog Entries: 1

Rep: Reputation: 112
I think the bs=446 will nuke the MBR portion of the boot loader. The rest can be inside the rest of the boot sector which is the track 0. Norton Ghost for example can store the entire cloning program inside the boot sector when exiting XP, reboots and fires up the cloning program in DR-DOS.

Mind you syg00 is right in saying hdX will take a long time as you are cleaning up the entire disk.

Last edited by saikee; 02-01-2007 at 06:24 AM.
 
Old 02-01-2007, 06:35 AM   #4
syg00
LQ Veteran
 
Registered: Aug 2003
Location: Australia
Distribution: Lots ...
Posts: 12,267

Rep: Reputation: 1028
"Boot viruses" as they are known in the windoze world must exist in the area reserved for executable code in the MBR.
Generally they use "unused" areas within that 446 byte range.

My first foray into Intel assembler code was to hand de-code the Michelangelo virus that had eaten one of our office machines.
What a piece of work that was - code in its most extreme simplicity.
I still have an "infected" floppy for educational purposes.
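
An added example (not part of any post in this thread) that runs the short command from post #2 against a constructed scratch image and checks which bytes it changes: the 446-byte boot-code area is zeroed, while the partition table, the 0x55 0xAA signature and the following sector stay as they were. The image path, filler bytes and function names are assumptions made for the demo.

```shell
#!/bin/sh
# Added example: operates only on a scratch image file, never on a real device.
LC_ALL=C; export LC_ALL

# Build a constructed 2-sector image:
#   bytes 0-445    0x90 filler standing in for MBR boot code
#   bytes 446-509  0x11 filler standing in for the partition table
#   bytes 510-511  0x55 0xAA boot signature
#   bytes 512-1023 0x22 filler standing in for the next sector of track 0
make_image() {
    {
        dd if=/dev/zero bs=446 count=1 2>/dev/null | tr '\000' '\220'
        dd if=/dev/zero bs=64  count=1 2>/dev/null | tr '\000' '\021'
        printf '\125\252'
        dd if=/dev/zero bs=512 count=1 2>/dev/null | tr '\000' '\042'
    } > "$1"
}

# Print COUNT bytes starting at byte OFFSET as one hex string.
region_hex() {  # usage: region_hex FILE OFFSET COUNT
    dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null | od -An -v -tx1 | tr -d ' \n'
}

# The short command from the thread, applied to the image file.
# conv=notrunc keeps dd from truncating a regular file to 446 bytes;
# a block device cannot be truncated, so the thread's command omits it.
wipe_boot_code() {
    dd if=/dev/zero of="$1" bs=1 count=446 conv=notrunc 2>/dev/null
}

# Succeed only if the first 446 bytes are all zero.
boot_code_is_zero() {
    [ -z "$(region_hex "$1" 0 446 | tr -d '0')" ]
}

demo() {
    img="${TMPDIR:-/tmp}/mbr_demo.$$.img"
    make_image "$img"
    table_before=$(region_hex "$img" 446 66)
    next_before=$(region_hex "$img" 512 512)
    wipe_boot_code "$img"
    boot_code_is_zero "$img" && echo "boot code area: zeroed"
    [ "$(region_hex "$img" 446 66)" = "$table_before" ] && echo "partition table + signature: unchanged"
    [ "$(region_hex "$img" 512 512)" = "$next_before" ] && echo "following sector: unchanged"
    rm -f "$img"
}
demo
```

The same `region_hex` check can be pointed at a saved copy of a disk's first sectors to confirm what a wipe did and did not touch.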
 
Old 02-02-2007, 08:20 AM   #5
Nyx
LQ Newbie
 
Registered: Feb 2007
Posts: 3

Original Poster
Rep: Reputation: 0
Thank you for your answers. I was planning to wipe the disk anyway so I'll just let it work for a few hours. I don't think I have caught any virus, just wanted to be sure 'dd' would do the trick.

Another question about the blocksize: the default bs is 512 bytes. Is a 'dd' with decreased blocksize more accurate/slower?

It's obviously needed if one wants to take care about a smaller part of a storage device - but is there more to it than just that?

Last edited by Nyx; 02-02-2007 at 08:25 AM.
 
Old 02-02-2007, 05:02 PM   #6
syg00
LQ Veteran
 
Registered: Aug 2003
Location: Australia
Distribution: Lots ...
Posts: 12,267

Rep: Reputation: 1028
Nope - was required in that case.
For doing a whole disk think about using a *large* blocksize. I use 4k out of habit, but no reason (other than memory maybe) not to use something significantly larger.
Will speed things up nicely.
 
Old 02-04-2007, 04:52 AM   #7
Nyx
LQ Newbie
 
Registered: Feb 2007
Posts: 3

Original Poster
Rep: Reputation: 0
Thank you for your help.

Nyx
 
Old 02-04-2007, 05:49 AM   #8
Junior Hacker
Senior Member
 
Registered: Jan 2005
Location: North America
Distribution: Debian testing Mandriva Ubuntu
Posts: 2,687

Rep: Reputation: 59
You know, ......

Well,.........OK, I'll keep my smart mouth shut for saikee.
 
Old 02-04-2007, 06:20 AM   #9
saikee
Senior Member
 
Registered: Sep 2005
Location: Newcastle upon Tyne UK
Distribution: Any free distro.
Posts: 3,398
Blog Entries: 1

Rep: Reputation: 112
Junior Hacker,

Is your post in the wrong thread? Why would you need to shut your mouth in the very first post to the thread?

Being human I am not always right and am just learning from others' experience here. For example syg00 has taught me something about boot viruses that I am not aware of.

Nobody needs to shut up. If he/she has something to bring to the table the more the merrier.
 
Old 02-04-2007, 08:03 AM   #10
Junior Hacker
Senior Member
 
Registered: Jan 2005
Location: North America
Distribution: Debian testing Mandriva Ubuntu
Posts: 2,687

Rep: Reputation: 59
Thought I would spark interest from the thread starter, not ruffle your feathers, but then again, I was looking for both. You and I are somewhat two of a kind, we should converse through the e-mail link associated with our forum names rather than duke it out in a public place. It's 7 am here, time to hit the hay, please talk to me, I'll respond in due time. (When I awake).

PS: I'm pretty sure I found a friend.
 
  

